What can we do to tackle the consequences of the Investigatory Powers Bill passing into law? (Image c/o Maurice on Flickr.)

Many thanks to Nik Williams of Scottish PEN for the following article on the Investigatory Powers Bill.

So there we have it. After a year of discussion and debate, the 1000+ pages of documents outlining the role of surveillance in a modern democracy has passed through both Houses of Parliament. After a bloated few weeks, with discussion monopolised by an ill-placed amendment on press regulation, the Investigatory Powers Bill will soon be an act of parliament. Here at Scottish PEN this occasion can only be met with resignation and deeply held reservations.

The nature of the closing weeks’ discussion in both houses should depress even the chambers’ most ardent supporters. With Baroness Hollins’ proposed amendment to extend exemplary damages to victims of phone hacking from newspapers not signed up to an approved regulator, the debate drifted away from the surveillance powers in the bill that will distinguish the UK from every established democracy in the world, towards a rehash of a discussion that has been left unfinished following the Leveson enquiry in 2011/12.

This did the bill and our civil liberties a disservice. When was the last time we heard the MPs and Peers use the words ‘bulk’, ‘communications data’, ‘request filter’, ‘interception’ or ‘civil liberties’? While phone hacking and press regulation commandeered space reserved for surveillance powers, these issues were ignored, scrutiny was frozen and forsaken and consensus across the house was assumed.

So now we are left with powers that enable our web records to be stored by public bodies on every British citizen for 12 months; the capacity of intelligence agencies to hack and potentially destroy devices, systems or networks; powers that collect data on the many to find the few and obligations that can be foisted on technology companies to undermine encryption. This is a crude summary of the powers – the sheer scale and the impact of the bill will only be fully realised when the bill is enacted.

So what do we do now? We mobilise, we secure, we seek to frustrate those who watch over us, we get smart. Interrogating what platforms we use and their privacy agreements are not luxuries afforded to the serial paranoiacs or techies alone, they are the actions we all need to take – they represent the markers on a roadmap we must all use to navigate our way through a narrowing and treacherous landscape.

These are obligations that fall to all of us; whether we write, research, communicate or shop online, whether we offer digital services to others, we all need to position privacy at the heart of our thinking, not as a peripheral second-thought. This is never truer than the situation public, academic and specialist libraries now find themselves in. Crudely defined as a telecommunication provider, as the IP Bill lacks any lower threshold to who can be obliged to store data and other requests from the state, the already precarious existence of libraries in the UK is further placed in jeopardy. But can libraries, seen by many as a refuge or sanctuary, be places that invite surveillance and consolidate our private information?

Following a pilot workshop at Glasgow Women’s Library in July, Scottish PEN is rolling out a series of workshops in Edinburgh, Orkney and Perth to build the capacity of libraries across these regions to protect the digital security and privacy of both their institutions and patrons. With libraries operating for many as the portal to the online word to facilitate communication, research, shopping and applying for jobs or benefits, how libraries can continue to offer these services in good faith in light of these new obligations is something we need to address now.

We do not believe in the principle that the collection of private data of innocent citizens will guarantee our safety or security (a belief mirrored by the intelligence agencies who fear, according to a confidential M15 report, that collecting too much data “creates a real risk of ‘intelligence failure’ i.e. from the Service being unable to access potentially life-saving intelligence from data that it has already collected”). But it appears that we all, including the intelligence agencies, need to strap in and assume nothing is sacred, nothing is beyond the reach of the voraciously hungry state.

But we need not be resigned to this fate. We need to know these powers inside and out, what they cover, what they don’t, and what they may enable through vague wording and overly broad interpretations. We need to listen to those who have things to say about encryption, threat modelling and zero-knowledge systems, and perhaps most importantly, we need to feel confident to reach out to others to ask questions and share knowledge, and this is where libraries can truly shine. The idea of a library being a repository of collective knowledge and endeavour is not new, but why can’t this approach be used to see libraries as spaces within which we can explore privacy enabling technologies, discuss the role of surveillance in our modern and digital democracy and learn more.

Perhaps then we can renew privacy’s position as a fundamental right, perhaps then we can reclaim the Internet as a space for exploration as opposed to a space of observation, perhaps then we will know how much of us is up for grabs.

These are a great deal of perhaps, but it gives us a place to start and that is better than nothing.